On April 1, Epsilon, an email direct marketing firm, said that a hacker obtained names and email addresses from its customer database. Since then, a slew of major companies that use Epsilon's services have issued notifications about the breach.
In an April 6 letter to the Attorney General, Blumenthal requested that the Department of Justice (DoJ) investigate Epsilon’s civil and criminal liability for the data breach and whether Epsilon should be required to immediately notify all customers potentially affected.
In addition, Blumenthal asked Holder to determine whether “individually identifiable financial information” has been compromised. “Names and email addresses would allow unscrupulous actors to send emails to consumers – ostensibly from the retailers which whom the consumer does business – seeking private financial information such as credit card numbers or checking or banking accounts”, Blumenthal wrote.
If the DoJ discovers that personal financial information has been compromised, then Epsilon should be required to provide written notification of the breach, information about the data that many have been obtained by the hackers, and personal information security protection, he said.
“I believe that affected individuals should be notified and provided with financial data security services, including free access to credit reporting services, for two years, the costs of which should be borne by Epsilon or its affected clients”, the senator stressed.